RADIUSdesk

logo
Trace: muliple-ssids ppp-primer nft-block

This is an old revision of the document!

Table of Contents

Throttling and Blocking Users

Introduction

  • In February 2023 we introduced an enhancement to MESHdesk and APdesk that allows you to throttle or block selected WiFi clients.
  • Sometimes the need arise to block a specified user on the WiFi network without disrupting the other users who are also connected. With this enhancement it can be done in a snap.
  • With capped LTE products there is a risk of using 'to much' data when using streaming services like YouTube. A few mouse clicks allow you to put a speed limit on WiFi clients in order to quickly and effectively reduce their data consumption.

Blocking Junior's friend

  • Nothing like a real life example.
  • So Junior's friend came over and they were going to do some gaming.
  • Junior's friend is a nice guy but the laptop he came with looks a bit dodgy.
  • Soon after he connects to the WiFi the other siblings started with the Daddy the WiFi is broken drill.

  • Now we can try our new feature out to block the chap.
  • We go to MESHdesk; select our mesh network and click the view icon.

  • Note that the top user is a MAC Address we have not yet give a name to. We can safely assume it must be the dodgy laptop.
  • Click on the Pencil Icon in the heading bar of Top 10 Devices to pop-up the Alias for MAC Address window.
  • After you created the alias for the device; click on Block Device (far right icon) in the heading bar to pop up the Block MAC Address window.
  • Since our suspicion about the laptop seems to be valid we will go to the extreme and add a Cloud Wide block.

  • Note we will have a visual indication of the devices that are throttled or blocked.

Slowing Junior Down

  • We got a nice Internet deal from one of our mobile providers with a capped month to month product.
  • Unfortunately since the LTE Connection is good some of the streaming sites Junior visits are opportunistic and streams had a high resolution which in turns deplete our data cap even before the month is over.
  • Since we are pro-active we select all the kids devices and apply a speed limit to them.

  • Again notice that we have a visual indication of the speed limit and also how much it is on those devices that are limited.

Speed test results

  • Speedtest with no speed limit applied

  • Speedtest with 1Mbps Upload and 1Mbps Download speed limit applied

Technical Details

  • If you are an old hand with Linux you are probably very familiar with iptables.
  • In the old days firewalls were done using iptables and in case you needed to do packet management on layer two you would use ebtables.
  • Fast forward to today and we have the much more advanced and user friendly nftables.
  • nftables allows you to do packet management on layer three or layer two.
  • OpenWrt version 22.03 migrated to use nftables instead of iptables.
  • We took the opportunity to take advantage of this improvement with our per device block and speed limit feature.
  • This means that the feature will require OpenWrt version 22.03 or higher based firmware to work correct.
  • Another feature which desitinguesh
Last modified: 2023/02/20 09:50